Continuing on our previous article – Types of Software Testing | Agile is NOT a ‘Testing Type’, let’s deep dive into the world of different Types of QA Testing. (Hope you have gone through the basics “Attention! Get your facts clear before facing an interview!” to clarify most of the doubts about different Test terminologies.
Deployment, Installation, Configuration & Un-installation Testing
Out of all types of QA testing hope this is self-explanatory – testing the software processes of deployment, installation, configuration to specific environment and finally the un-installation. A software should perform as expected post deployment, installation & configuration – with respect to functionality, performance & security. What if there is an upgrade to the software version? The objective is to test the software setup activities & uninstall process.
One of the most important and common out of all types of QA testing. The objective is not functional but to uncover performance issues such as network delay, data rendering, database transaction processing, load balancing between servers, throughput, response time, etc. (speed and efficiency of the system). Performance testing is critical for business intensive applications such as stock trade, financial transactions, etc. It’s a broader set of Test type including Load, Stress & Volume tests – generally carried out using automation tools.
Caution: It is not until all systems elements are fully integrated and certified as free of defects the true performance of a system can be ascertained. As you are measuring the application’s performance, to gauge accurately the environment (hardware requirements) should be as it will be in production environment.
Load as in testing the ‘capacity’ of the application under test. Didn’t get it? The common scenario in most of the IT firms – the company portal cannot be accessed as soon as you get the news that appraisal letters have been released J The reason – Load testing wasn’t performed 🙂 The portal couldn’t handle the Users’ rush or concurrent access to the system.
The objective is to check the behavior of the software under normal and over peak load conditions – at what point the system’s response time degrades or fails. Load testing is usually performed using automated testing tools like JMeter, Load Runner, and Silk Performer – several virtual users can be created and then a script can be executed to check how the software behaves when multiple users try to access the system concurrently.
When do you get stressed? Yeah! When we can’t handle the pressure. To a certain limit, we can handle the tension but beyond it – stressed.
Similarly a software is built to handle a certain load, beyond that it breaks. The objective of ‘Stress Testing’ is to test the software under abnormal load conditions (beyond the acceptable limit) and then its performance is monitored to observe how the software would behave at breakpoint. There are many ways of creating abnormal conditions – the database can be turned off and on, complex database queries, continuous input to system, database load or network ports can be shut or restarted randomly. A graceful degradation under load leading to non-catastrophic failure is the desired result. The most common way of performing stress testing is by starting processes that would consume a lot of resources. Stress testing enables to check some of the quality attributes like robustness and reliability.
Volume (meaning ‘Bulk’) testing is carried out to find the response of the software with different sizes of the data being sent/received or to be processed. E.g. If you were to be testing Microsoft word, volume testing would ensure if word can open, save and work on files of different sizes (10 to 100 MB).
What if any one logging to Facebook can access your profile data & can post on your behalf? Critical security breach, right?
As the name suggests – the objective of security testing is to verify how secure the software is to external or internal threats from humans and malicious programs. E.g. software’s authorization mechanism, how strong is authentication, maintaining data confidentiality & integrity, etc. In other words Security testing assures that the program is accessed by the authorized personnel only. Authentication (login credentials are checked) and authorization (privileges to access restricted features) are considered to be two very important aspects of software testing. Security is especially important for applications that require firewalls, encryption, user authentication, financial transactions, or access to databases with sensitive data. Security testing requires good knowledge of application, technology, networking & security testing tools.
Besides authentication and authorization, security testing also deals with confidentiality, integrity, availability, non-repudiation, software data security, SQL insertion flaws, cross-site scripting attacks and other security related concern which is a complete different subject matter expertise by itself.
Also known as PenTest in short, it’s a type of security testing. The objective is to gauge how secure software and its environments (hardware, operating system and network) are when subject to attack by an external or internal intruder. Intruder can be a human/hacker or malicious programs. Pentest uses methods to forcibly intrude (by brute force attack) or by using a weakness (vulnerability) to gain access to a software or data or hardware with an intent to expose ways to steal, manipulate or corrupt data, software files or configuration. Penetration Testing is a way of ethical hacking, an experienced Penetration tester will use the same methods and tools that a hacker would use but the intention of Penetration tester is to identify vulnerability and get them fixed before a real hacker or malicious program exploits it.
Vulnerability or weakness in the software system that exposes it’s important functionality or data to unauthorized access. Vulnerability testing involves identifying & exposing the software, hardware or network vulnerabilities that can be exploited by hackers and other malicious programs likes viruses or worms. With increase in the number of hackers and malicious programs, Vulnerability Testing has become one of the critical types of QA testing for success of a business.
What if the system crashes? Even though it won’t after all the testing is completed, but still we need to be prepared for the worst, i.e. testing how well a system recovers from crashes, hardware failures, or other catastrophic problems.
Data & Database Integrity Testing
After all everything online is about the data. How can we exclude the database then? Data integrity testing aims to check if the data stored in the database is accurate and produces results as per the expectations – whether it is possible to retrieve blank information from the database or not, is data validated properly before getting saved in the database, can the data stored in database be updated, are you able to run tests for all kind of data files etc. In other words data integrity testing is carried out to ensure that the data is accurate and consistent over its entire life cycle.
Database integrity on the other hand deals with testing of all the necessary methods and processes that are important for accessing the database and managing the data within. The data should not get corrupted and should not get deleted, updated or created unknowingly, and there should be test cases to make these validations.
Manual approach is to carefully examine the data flow between back-end & front-end. Creating, updating or deleting the data from front-end is successfully reflected at the back-end, check for database mandatory fields, database constraints & rules or checking the procedure using SQL Query analyzer.
Types of QA testing Continued – Understanding different ‘Types of Software Testing’ (part II)!